VYPR

Advanced Electron Forum

by Advanced Electron Forum

CVEs (3)

  • CVE-2018-13000MedJun 29, 2018
    risk 0.31cvss 4.8epss 0.01

    An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the `FTP Link` element of the `Private Message` module. The editor of the private message module allows inserting links without sanitizing the content. This allows…

  • CVE-2008-1983Apr 27, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Advanced Electron Forum (AEF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the beg parameter in a members action to index.php.

  • CVE-2009-2545Jul 20, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the filename in an uploaded attachment. NOTE: the provenance of this information is unknown; the details are…